-33- 



WHAT IS CLAIMED IS: 

1 . A method of secxiring a token from unauthorized use, comprising the 
steps of: \ 

receiving a first message transmitted from a host processing device and 
addressed to a PIN entryldevice according to a xmiversal serial bus (USB) protocol; 
accepting a PIN entered into the PIN entry device; and 
transmitting a second message comprising at least a portion of the first 
message arid the PIN fron| the PIN entry device to the token along a secure 
communication path: 1 

2. The methodlof claim 1, wherein: 

the first message is deceived in the PEN entry device; and 
the second message is transmitted from the PIN entry device directly to the 
token along the secure conraiunication path. 

3. The method of claim 1, wherein: 

the step of receiving thft first message transmitted from a host processing 
device and addressed to a PIN entry device comprises the steps of: 

receiving the first message in a USB-compliant hub communicatively 
coupled to the host processing device via a first communication path; 

transmitting the fiist message to the PIN entry device communicatively 
coupled to the USB-compliant hup; and 

the step of transmitting the second message comprising the portion of the first 
message and the PIN and at least alportion of the first message from the PIN entry 
device to the token along a secure communication path comprises the steps of: 

transmitting a second message from the pin entry device via the USB hub. 
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4. The methop of claim 3, wherein the step of transmitting the second 
message from the PIN entry device via the USB-compHant hub comprises the steps 
of: 

transmitting a thirq message comprising the PIN from the PIN entry device to 
the USB-compHant hub;, 

processing the message in the USB-compUant hub to produce the second 
message; and 1 

transmitting the second message from the USB-compUant hub. 

5. The method of claim 1, wherein the signal received from the host 
processing device is generated in an API interface. 

6. The method qf claim 1 , wherein: 

the first message is encrypted according to a first encryption key; and 
the pin entry device comprises a decryption module having access to the first 
encryption key for decoding the first message. 

7. The method of claim 1, wherein the second message is transmitted to 
the token according to a USB-tompliant protocol. 

8. The method of claim 1 , wherein the second message is encrypted 
according to a second encryption key and the token comprises a decryption module 
having access to the second encryption key. 
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9. The metriod of claim 1, wherein the step of transmitting the second 
message from the PIN entry device to the token fiirther comprises the step of: 

encrypting the second message according to a second encryption key stored in 
the PIN entry device arid the token; and 

transmitting th(; encrypted second message to the token. 



10. The 
transmitted from the 



method of claim 1, wherein the first message is a message 
h|bst processing device to authorize a transaction. 



11. Themdthod 
transmitted from the Host 



of claim 1, wherein the first message is a message 
processing device to authenticate a user of the token. 



12. An apparatus for securing a token from unauthorized use, comprising: 
a PIN entry de^ dee, communicably coupleable to a host processing device 

transmitting a first message addressed to the PIN entry device, and communicatively 
coupleable to the toker according to a universal serial bus USB protocol, the PIN 
entry device comprisin 

a user irbut device, for accepting a user-input PIN; and 
a processor, communicatively coupled to the user input device, the 
processor for receiving ihe first message and combining the first message with the 
user-input PIN, and for ] producing a second message having at least a portion of the 
first message and the us(;r- input PIN. 

13. The appai atus of claim 12, wherein the first message is encrypted 
according to a first encryption key and the PIN entry device further comprises: 

a module for decnypting the first message from the host processing device 
according to a first encryption key. 
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14. The apparatus of claim 13, wherein the module is a software module 
having instructions storeti in a memory accessible to the processor. 

15. The apparatus of claim 14, wherein the PIN entry device fiirther 
comprises: 

a second module fd^ encrypting the second message according to a second 
encryption key. 



16. The apparatus of claim 15, wherein the second module is a software 
module having instructions stored in a memory accessible to the processor. 



17. The apparatus 
comprises an output device folr 



3f claim 12, wherein the PIN entry device fiirther 
prompting the user to enter the PIN. 



18. A method for sipcuring a token from unauthorized use, comprising: 
intercepting a first mes^ge from the host processing device addressed to the 
token in a hub; 

providing the intercepted message to a PIN entry device communicatively 
coupled to the hub; 

accepting a second mess^e from the PIN entry device comprising a user- 
entered PIN; 



generating a third message 
comprising the user-entered pin ai 



transmitting the third mess ige from the USB-compliant hub to the token. 



from the second message, the third message 
d at least a portion of the first message; and 
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19. The method oi' claim 18, further comprising the step of: 
encrypting the third message iccording to a first encryption key stored in a memory of 
the token before transmitting the third message to the token. 



20. An apparatus for securing a token fi-om unauthorized use, comprising: 
a USB-comphant hub, eommunicably coupleable between a host processing 
device and the token, the USB pompHant hub having; 

means for interoepting a message addressed to the PIN entry device; 
means for generating a third message fi"om the first message and a 
user-entered PIN; and 

means for transmitting the third message to the token; 
a PIN entry device, communicatively coupled to USB-compliant hub, for 
accepting a user-entered PINjand providing the user-entered PIN to the USB- 
compliant hub. 



2 1 . The apparatus of claim 20, wherein the means for intercepting a 
message addressed to the PE^ entry device, the means for generating the third 
message fi-om the first message and a user-entered PIN and the means for transmitting 
the third message to the tok€ n comprises at least one processor having at least one 
communicatively coupled n emory storing processor instructions for intercepting a 
message addressed to the PIN entry device, for generating the third message from the 
first message and a user-enljered PIN, and for transmitting the third message to the 
token. 



22. The apparatus of claim 20, wherein the USB-compliant hub fiirther 
comprises a means for encrypting the third message according to an encryption key 
stored in a memory of thej token. 
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23. The apparatus of claim 22, wherein the means for intercepting a 
message addressed to the PIN entry device, the means for generating the third 
message from the first message and a user-entered PIN, the means for encrypting the 
third message according to\an encryption key stored in the memory of the token and 
the means for transmitting tne third message to the token comprises at least one 
processor having at least onei communicatively coupled memory storing processor 
instructions for intercepting al message addressed to the PIN entry device, for 
generating the third message from the first message and a user-entered PIN, for 
encrypting the third message according to an encryption key stored in the memory of 



the token and for transmitting 



le third message to the token. 
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